CVE-2014-3170 in Google Chrome
摘要 (英语)
extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a \0 character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.
预定
2014-05-03
披露
2014-08-26
条目
VulDB provides additional information and datapoints for this CVE:
| 标识符 | 漏洞 | CWE | 可利用 | 对策 | CVE |
|---|---|---|---|---|---|
| 67412 | Google Chrome Extension Permission 权限提升 | 264 | 未经证实 | 官方修复 | CVE-2014-3170 |